![x [OR] [UBP] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/aa51436c-5f73-485a-aa99-6d6a6b3882db.png)
![[OR] [UBP] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/f97d48f5-b443-4ad0-83f8-36f7744591e6.png)
CBS-1 Deposit & Account Services
Introduction
![[OR] [UBP] [PH] [E3] [CBS] [1] [SuPS] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/bf6cd570-c698-489d-a90b-cebfddf55d7a.png)
In alignment with the guidelines set out in Bangko Sentral ng Pilipinas Circular No. 1203 Series of 2024, financial institutions are required to identify Severe but Plausible Scenarios (SbPS) that may disrupt critical business services.
These scenarios must reflect extreme yet credible events, including cyber incidents, system failures, third-party disruptions, and operational breakdowns, that could threaten service continuity and customer trust.
For CBS-1 Deposit and Account Services, identifying such scenarios enables the bank to assess vulnerabilities across end-to-end processes, strengthen resilience capabilities, and ensure alignment with regulatory expectations on operational resilience, cyber resilience, and third-party risk management.
![Banner [Table] [OR] [E3] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/f4f3c007-e864-48cd-8bc1-0242c8b7fd86.png)
Table P5: Identify Severe but Plausible Scenarios for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Severe but Plausible Scenario |
Impact / Effect |
Proactive Risk Management Action |
Link to Integration of Cyber and ICT Risks |
|
1.1 |
Customer Onboarding and Account Application |
Digital onboarding platform outage due to cloud service failure |
Inability to onboard new customers; revenue loss |
Implement multi-cloud redundancy and manual fallback onboarding |
Cloud resilience, third-party ICT dependency |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
National ID verification API compromised or unavailable |
Delayed onboarding; compliance breaches |
Establish alternate verification channels and offline KYC procedures |
API security, data integrity risk |
|
1.3 |
Account Approval and Opening |
Internal system misconfiguration is causing an approval backlog |
Customer dissatisfaction; operational delays |
Automated workflow monitoring and approval SLAs |
Application control failures |
|
1.4 |
Initial Funding and Deposit Booking |
Payment gateway disruption is preventing initial deposits |
Account activation delays |
Integrate multiple payment gateways and reconciliation controls |
Payment system dependency risk |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
Erroneous system update altering product parameters |
Financial misstatements; regulatory breaches |
Change management controls and dual authorisation |
Configuration management risk |
|
1.6 |
Deposit Transactions Processing |
Core banking system outage due to cyberattack (e.g., ransomware) |
Transaction failure; customer impact at scale |
Deploy a cyber resilience framework, backup systems, and DR drills |
Cyberattack, ransomware, and system availability |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM network failure or liquidity shortage |
Customers are unable to access funds |
ATM failover routing and liquidity monitoring |
Network disruption, endpoint security |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system downtime due to database corruption |
Delayed service requests; reputational damage |
Database replication and integrity checks |
Data corruption, database resilience |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch processing failure due to a system bug |
Incorrect charges; customer complaints |
Pre-processing validation and reconciliation controls |
Batch processing system risk |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Data warehouse outage affecting reporting systems |
Customers are unable to access account statements |
Implement reporting system redundancy and backups |
Data availability, analytics platform risk |
|
1.11 |
Digital Account Access and Channel Integration |
Mobile banking app compromised by malware attack |
Unauthorized access; fraud losses |
Strengthen mobile security, MFA, and fraud detection |
Mobile app security, cyber threats |
|
1.12 |
ATM and Card-Based Access Management |
Card management system breach exposing card data |
Fraudulent transactions; regulatory penalties |
Tokenization and PCI-DSS compliance controls |
Card data security, endpoint vulnerabilities |
|
1.13 |
Account Reconciliation and Exception Handling |
Reconciliation system failure leading to unmatched balances |
Financial inaccuracies; audit issues |
Automated reconciliation tools and exception escalation |
Data processing and integrity risk |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
Incorrect account restrictions due to a system error |
Customer complaints; legal exposure |
Rule validation and audit trail monitoring |
Access control system risk |
|
1.15 |
Fraud Monitoring and Transaction Surveillance |
Fraud detection system outage during peak transactions |
Undetected fraud; financial losses |
AI-based fraud monitoring, redundancy, and escalation |
Cyber fraud, real-time monitoring risk |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Contact center outage due to telecom failure |
Inability to handle customer complaints |
Multi-channel support (chat, email, branch fallback) |
Telecom dependency risk |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
Failure in the regulatory reporting system submission |
Non-compliance penalties |
Automated reporting validation and backup submission channels |
Regulatory tech (RegTech) risk |
|
1.18 |
Incident Response, Business Continuity, and Recovery |
Disaster recovery site failure during a major outage |
Prolonged service disruption |
Regular DR testing and geographically separated recovery sites |
DR infrastructure resilience |
Regulatory Alignment (BSP Circular No. 1203)
The above scenarios demonstrate compliance with key expectations from BSP Circular No. 1203, including:
- Identification of severe but plausible disruption scenarios
- Integration of ICT and cyber risk considerations
- Consideration of third-party dependencies and systemic risks
- Evidence of proactive resilience measures and scenario preparedness
![Banner [Summing] [OR] [E3] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/446ccb83-e056-40d0-aae5-834d73c13f43.png)
The identification of Severe but Plausible Scenarios for CBS-1 Deposit and Account Services provides a structured approach for Union Bank of the Philippines to anticipate and prepare for high-impact disruptions.
By embedding cyber and ICT risk considerations into each scenario, the bank strengthens its ability to withstand operational shocks while maintaining critical services.
Ultimately, these scenarios form the foundation for scenario testing, resilience improvement, and regulatory compliance, ensuring that the bank can continue delivering essential services even under extreme but credible adverse conditions.
![[OR] [UBP] [PH] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/caed34e9-155d-45e6-988d-03e9bcbb003d.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [MD] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/113936d7-f143-4c8c-87ce-63cf4fced435.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [MPR] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/64c8092a-a90a-403b-9b46-b356a1396c07.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [ITo] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/aeed3fca-6ddb-4656-8785-190e39bdc8db.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [ST] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/dfb366bd-9c4a-484c-aa95-81a7de3966f2.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
